コード例 #1
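// exportScanResult writes the findings of one scan as a CSV attachment
// (report.csv). The scan is selected by the "scan" query parameter.
//
// Every value read from the database is neutralized before it is written.
// The url, comment and description of a finding are presumably recorded from
// scanned targets, so a cell starting with a formula trigger character could
// otherwise be evaluated when the report is opened in a spreadsheet
// (CSV / formula injection).
//
// NOTE(review): no authentication or authorization check is visible in this
// handler, and the scan id is taken from the query string as-is. Confirm that
// access control runs before this handler and that db.GetScanData and
// db.GetVulnerabilities bind the id as a query parameter.
func exportScanResult(w http.ResponseWriter, r *http.Request) {
	m := parseQueryString(r.RequestURI)
	scanID, ok := m["scan"]
	if !ok {
		// Answer explicitly instead of returning an empty 200 response.
		http.Error(w, "missing scan parameter", http.StatusBadRequest)
		return
	}

	// safe defuses spreadsheet formula injection: a cell whose first byte is
	// '=', '+', '-', '@', tab or carriage return gets a leading apostrophe so
	// that it is shown as text. Legitimate values starting with one of these
	// characters are prefixed as well; that is the accepted trade-off.
	safe := func(cell string) string {
		if cell == "" {
			return cell
		}
		switch cell[0] {
		case '=', '+', '-', '@', '\t', '\r':
			return "'" + cell
		}
		return cell
	}

	// The report is built in memory so that a failure can still be answered
	// with an error status before any header or body byte is sent.
	b := &bytes.Buffer{}
	wr := csv.NewWriter(b)

	scan := db.GetScanData(scanID)

	// Layout rows that make the CSV easier to read. Write errors are not
	// checked per row; wr.Error() is consulted once after Flush.
	wr.Write([]string{"       "})
	wr.Write([]string{" ", "Project:", safe(scan["name"])})
	wr.Write([]string{" ", "Scan:", safe(scan["date"])})
	wr.Write([]string{" "})
	wr.Write([]string{" ", "Findings in this scan", " ", " ", " ", " States: 0 new / 1 false-positiv / 2 solved"})
	wr.Write([]string{" "})
	wr.Write([]string{" "})
	wr.Write([]string{" ", "CATEGORY", "PLUGIN", "SEVERITY", "STATE", "URL", "COMMENT", "DESCRIPTION"})

	// first run get results by scan
	vulns := db.GetVulnerabilities(scanID, "0")
	// second run get results by project
	//vulns := db.GetVulnerabilities("0", scan["id"])

	// TODO build external function
	categories := db.GetCategories()
	plugins := db.GetPlugins()
	severities := db.GetSeveritiesById()

	// Group the findings as category -> plugin -> vulnerability.
	for _, catRow := range categories {
		wr.Write([]string{" ", safe(catRow["name"])})
		for _, pluginRow := range plugins {
			if pluginRow["cat"] != catRow["id"] {
				continue
			}
			wr.Write([]string{" ", " ", safe(pluginRow["name"]), " "})
			for _, vulnRow := range vulns {
				if vulnRow["plugin"] != pluginRow["id"] {
					continue
				}
				wr.Write([]string{
					" ", " ",
					safe(pluginRow["name"]),
					safe(severities[vulnRow["sev"]]),
					safe(vulnRow["state"]),
					safe(vulnRow["url"]),
					safe(vulnRow["comment"]),
					safe(vulnRow["desc"]),
				})
			}
		}
	}

	wr.Flush()
	if err := wr.Error(); err != nil {
		http.Error(w, "could not generate report", http.StatusInternalServerError)
		return
	}

	w.Header().Set("Content-Type", "text/csv")
	w.Header().Set("Content-Disposition", "attachment;filename=report.csv")
	// Keep browsers from sniffing the downloaded body as another content type.
	w.Header().Set("X-Content-Type-Options", "nosniff")
	// A failed write here means the client went away; nothing is left to undo.
	w.Write(b.Bytes())
}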
コード例 #2
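// parseXML reads the scan report at path and stores its content in the
// database.
//
// The report is processed in up to two calls. While the plugin section is
// read, every plugin missing from the map returned by db.GetPlugins is
// inserted. That map is loaded once at the start and is not refreshed, so when
// the first vulnerability element is reached after an insert the function
// returns false and the caller is expected to call it again. It returns true
// once the token stream has ended.
//
// Decode failures and malformed XML are passed to checkErr, the same helper
// that handles the os.Open error. Previously they were discarded, so a broken
// report ended the loop like a normal end of input and zero-valued records
// could be written.
//
// NOTE(review): URL and Description come from the report and are stored
// unmodified; every consumer has to encode them for its output context. A
// vulnerability whose plugin or severity is not in the loaded maps is
// presumably inserted with empty ids, because a missing map key yields the
// zero value. Confirm whether such rows should be rejected.
func parseXML(path string) bool {
	var cat string
	// Set once a plugin was inserted, i.e. the in-memory plugin map is stale.
	needReload := false

	// is the path to the xml file correct?
	xmli, err := os.Open(path)
	checkErr(err)
	defer xmli.Close()

	project := getProject(path)
	scan := getScan(project)
	plugins := db.GetPlugins()
	categories := db.GetCategories()
	severities := db.GetSeverities()
	dc := xml.NewDecoder(xmli)

	// first we read and update the categories and the plugins
	for {
		tok, tokErr := dc.Token()
		// The decoder reports malformed input as *xml.SyntaxError; surface it
		// instead of treating it like the end of the document.
		if _, malformed := tokErr.(*xml.SyntaxError); malformed {
			checkErr(tokErr)
		}
		if tok == nil {
			break
		}

		start, isStart := tok.(xml.StartElement)
		if !isStart {
			continue
		}
		name := start.Name.Local

		if _, known := categories[name]; known {
			// we found a category; plugins that follow are filed under it
			cat = name
			fmt.Printf("Found category %s. Cat ID: %s Start reading plugins\n ", cat, categories[cat]["id"])
		}

		switch name {
		case "plugin":
			var pn plugin
			checkErr(dc.DecodeElement(&pn, &start))
			if _, known := plugins[pn.Name]; known {
				// plugin already known
				fmt.Printf("Found already known plugin: %s. Doing nothing\n ", pn.Name)
				break
			}
			// unknown plugin.
			// NOTE(review): cat is still empty when a plugin appears before
			// any category element, which presumably yields an empty
			// category id here. Confirm the report format rules this out.
			fmt.Printf("Found not known plugin: %s. Insert it into the database. Categorie is %s (ID:%s)\n ", pn.Name, cat, categories[cat]["id"])
			id := db.PluginInsert(categories[cat]["id"], pn.Name)
			fmt.Printf("Plugin inserted. ID: %v\n ", id)
			needReload = true

		case "vulnerability":
			// we reached the vulnerability part of the xml, so categories and
			// plugins are finished; leave and let the caller restart the
			// function so it runs with a freshly loaded plugin map
			if needReload {
				return false
			}
			var vn vuln
			checkErr(dc.DecodeElement(&vn, &start))
			db.VulnerabilityInsert(vn.URL, vn.Description, severities[vn.Severity], plugins[vn.Plugin]["id"], plugins[vn.Plugin]["cat"], project, scan)
		}
	}
	fmt.Println("vulnerabilities done. Exiting now")
	return true
}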